Acceptable Use Policy
Businesses and institutions want to have some sort of control over what activity takes
place on their networks. Limiting what users can browse, download, and search on the
internet is all a part of keeping a safe network. If an employee were to open a
suspicious attachment or visit unsecured websites, they could make your network
vulnerable to hackers and viruses. User productivity monitoring tools can help create
a safe environment with detailed governance.
An AUP can help ensure users are following the law. For instance, an AUP may strictly
prohibit users from pirating music, movies, or other files. It may outline that if a user is
violating these rules, they will be banned from the network. Having users break the
law on your network can become a liability for your business, which is why outlining
these prohibited activities in your AUP is so essential.
Focus on Productivity
Businesses can use an AUP to ensure their employees are working on their tasks rather
than browsing social media or tending to personal communications. Employee
productivity monitoring tools can help enforce safe usage parameters inside the
organization.
Employers should have an internet use policy to ensure their employees are staying
on task during working hours. The level of freedom your team gets should depend on
the type of work they do. For instance, creative teams may need a larger scope of
access to be able to check out social media trends and pop culture. Other teams may
need access to the news or local reports to do their job right.
When deciding what's allowed, remember that your employees want to be treated like
adults. An overly restrictive AUP may hinder their work and make them feel that you
can't trust them. Many businesses choose to restrict the following types of websites:
• Social media
• Streaming
• Shopping
• News
• Personal email/communications
• Pornography
• Gambling
• Illegal activity
Cybersecurity
Protecting sensitive information is at the heart of most AUPs. It's crucial that you
outline which at-risk behaviours employees should avoid when using your network. A
data breach could cost your business and employees a lot of time and money, so use
your AUP to outline these common security policies:
Private Information
Guest Users
Many businesses have a separate network for their guests. When a guest logs on,
they usually have to sign an AUP. In this document, it's wise to make your policies
even stricter for those who are not employees. Make sure guests cannot access
internal files or information.
More often than not, users skim over an AUP without actually absorbing what is
included in the agreement. That's why you should also include the terms of your AUP
in your employee handbook. Along with this, you should also make the policies
common knowledge for all employees. You could do this during the onboarding
process or have an annual review of your AUP.
When employees know there are actual consequences for violating your AUP, they
are more likely to follow your parameters. Have a clear policy on what management
will do if an employee is caught misusing the network. If you do learn that a user is
breaking the terms of your AUP, you need to enact these consequences consistently.
If you give people a free pass all of the time, employees are unlikely to take your AUP
seriously.
An Acceptable Use Policy is also one of the few documents that can physically show
“due diligence” with regard to the security of your network and the protection of
sensitive information and client data in the event of a breach or regulatory audit.
The findings of the recently released SANS Institute 2016 Threat Landscape Study
and fourth annual Checkpoint Security Report may help to provide some additional
perspective on why an Acceptable Use Policy is imperative for your organization. The
study reveals a 400 percent increase in the loss of business data records over the past
3 years. The most common entry point for threats into a network? End user actions.
The tension between productivity, protection and privacy can make mobile device
security a difficult topic to address. Users are now more comfortable blurring the lines
between personal and work when it comes to personal mobile devices, not always
thinking about the implications. Most employees do not want to be the cause of a
network breach or data loss, yet one in five will do so either through malware or
malicious WiFi. All it takes is one infection on one device to impact both corporate
and personal data and networks.
We have spoken to clients and prospective clients that respond to our question about
having an Acceptable Use Policy with a quizzical look and even indifference.
Depending on the type of data that passes or is stored on your network, and who/what
has access to your network – apathy is a recipe for disaster. Counting on an end user
alone to “do the right thing” is not a viable security strategy.
• When is it OK to send information outside the enterprise via e-mail, blogs and
message boards, media sharing and instant messages, and when is it not?
• Have an understanding of what records and data are vital to the survival of your
organization and the internal and external forces that can affect them.
• Create policies that consider business assets, processes and employee access to
files and data.
• Address employee-generated content, communication channels and connected
devices.
• Monitor and enforce policy via security technology and human oversight.
A signed copy of the policy should be included in each employee file, backed up with
your vital records and included in your business continuity plan.